[00:02] <cjs> red2kic: I understand what you want to do. I don't know if Xen will do it or not, however.
[00:02] <cjs> As I said, I've considered it myself, and it wouldn't be a trivial setup.
[00:03] <cjs> Do you have lots of sysadmin experience and more time than money?
[00:03] <red2kic> cjs: Gotcha. No sysadmin experience. I have time. Yes.
[00:03] <cjs> Or, perhaps a better way of approaching this is, why do you want to do this rather than just buy three or four cheap machines?
[00:04] <red2kic> cjs: Because it is probably cheaper.
[00:04] <red2kic> cjs: Not to mention... This approach probably reduce electricity uses too.
[00:04] <panfist> what do you want these machines to do
[00:04] <cjs> Ah. You definitely want just to buy several machines. Unless you're intending to learn a *lot* as the main purpose of this.
[00:05] <cjs> Actually, I don't think the electricity savings will be much, since monitors use as much power as low-power machines anyway.
[00:05] <panfist> i've personally never seen a system with multiple discrete input devices running distinct user sessions
[00:05] <red2kic> Basic Internet Cafe. My friend will own a restaurant (will have cable + wifi). I was wondering how difficulty it would be to set up that.
[00:06] <panfist> i dont think you need xen
[00:06] <cjs> panfist: I have. Admittedly, all but one were "virtual" framebuffers and keyboards accessed with vnc.
[00:06] <panfist> well yeah that's pretty common
[00:06] <red2kic> cjs: Don't leave the monitors idle too long. Use "sleep 1 && xset dpms force off" to force a monitor standby. :)
[00:06] <cjs> red2kic: Keep in mind, you need also deal with the possibility of hardware failure.
[00:06] <panfist> firstly, there is KVM which is a kernel supported virtualization platform
[00:06] <cjs> Do you really want to lose four terminals when a host blows up?
[00:06] <panfist> secondly, all the stuff for handling multiple user sessions is built into linux already
[00:07] <cjs> panfist: What do you mean by "kernel-supported?"
[00:07] <red2kic> panfist: What packages am I looking for? Or you're talking about avoiding gdm entirely? Using .init* ?
[00:07] <panfist> "the kernel component of KVM is including in mainlinx linux as of 2.6.20"
[00:08] <panfist> i have no idea how to accomplish what you want other than I know you don't need xen to do it
[00:08] <cjs> red2kic: Speaking as someone who's been doing sysadmin for, oh, about twenty years now, you want just to go with a separate machine for each station. Otherwise your sysadmin costs will skyrocket, and you'll end up paying much more than you would for the separate host solution.
[00:09] <panfist> i would be inclined to agree with cjs
[00:09] <panfist> although i only have one year of formal sysadmin experience
[00:10] <red2kic> cjs: There will be no sysadmin -- I'm just a desktop user who took a leap of faith down the rabbit hole and found himself in a bright world.
[00:11] <red2kic> I'm looking for a simple solution approach -- A restaurant with few computers free for Internet usage.
[00:11] <red2kic> I would have to update/upgrade all machines and should I change something, I'll have to change all too. Too much labor intensive?
[00:14] <cjs> red2kic: Well, you'll be the sysadmin. As I said, go with separate machines, and keep everything as bog-standard as you can. You want things to be as simple and "normal" as possible (i.e., using the most common configurations) so that you minimize the problems you'll have to deal with.
[00:14] <cjs> Keep in mind, I know what you want to do, I've wanted to do that myself, and I've never gone beyond the research stage because it is so difficult.
[00:15] <cjs> As for updating multiple hosts instead of one, a) you'd have that problem anyway if you used virtual hosts, since they're still separate hosts, and b) there are tools to deal with that sort of thing.
[00:15] <cjs> Though honestly, the work you'd have to put in to learn those tools is probably not worthwhile for a handful of hosts.
[00:17] <red2kic> cjs: I understand. Avoid -desktop -- Go with... say gnome-core and avoid recommendations. Less configuration, less packages. I'm looking for this http://tinyurl.com/2fpntxe without paying for the license. :P
[00:18] <red2kic> I guess I should try the trial.
[00:18] <red2kic> Or you were talking about thin clients?
[00:22] <cjs> red2kic: I'm not sure what you mean by "avoid -desktop." Use whatever you use at home.
[00:23] <fluvvell>  /msg NickServ identify sirius63
[00:24] <cjs> red2kic: Ah, Useful Multiplier looks good. Go with that.
[00:31] <cjs> red2kic: Actually, come to think of it, Useful Multiplier may cost more than it saves, unless you buy the hardware from them. Otherwise you're going to have to deal with building (or getting someone to build for you) a machine with several video cards in it. Finding an appropriate motherboard alone will be a bit of work.
[00:32] <cjs> Though their "Userful Desktop" product sounds good.
[00:37] <cjs> thesheff17: I figured out the issue with md using sda instead of sda2. The md superblock is in the last 128K of the block device. Depending on how the last partition is sized, the md superblock in the last partition may or may not fall within the last 128K of the disk holding that partition. If it does, then it will appear as an md superblock for the disk, as well as the partition.
[01:51] <cjs> Oh, crap. Only one of my two drives will boot.
[01:51] <cjs> They're both identical in the first megabyte except for a few bytes in sector 0. I wonder what's up with that?
[01:52] <cjs> And I know physically which one is ok, but how do I tell whether it's sda or sdb with both drives plugged in?
[01:54] <cjs> Ah, the disk signature at 0x1b8 is different between the two. So I guess the BIOS likes only one signature, and not the other. I wonder which one is good?
[01:54] <cjs> I guess I can hook up just the good drive to figure it out.
[01:55] <cjs> Oh, hmm....no, it's supposed to be different. Hmmm!
[01:55] <cjs> Thoughts, anyone?
[01:55] <cjs> (The issue is that one disk boots fine, whether it's on SATA 0 or SATA 1, the other, on either channel, gives me the BIOS message saying that no bootable disk was found.)
[02:10] <thesheff17> cjs you there?
[02:12] <thesheff17> cjs I have a feeling when grub goes to install it only actually installs on /dev/sda
[02:12] <thesheff17> I think you would have to manually install grub on /dev/sdb to get it to work
[02:12] <cjs> No, the installer does both, and I've manually done a grub-install /dev/sdb.
[02:12] <thesheff17> ah ok
[02:13] <thesheff17> then you know what you are doing
[02:13] <thesheff17> hmm.weird
[02:13] <thesheff17> maybe BOIS boot order?
[02:14] <cjs> Yeah. The only difference in the first megabyte is four bytes at 0x1b8, which is the disk signature, which is supposed to be different.
[02:14] <cjs> The non-booting disk fails on either channel, when it's the only disk in the system.
[02:14] <thesheff17> ah ok
[02:14] <thesheff17> strange
[02:15] <cjs> Very. Did you see my note above re the md superblock issue, by the way?
[02:15] <thesheff17> wonder if you re installed with the drives swapped would /dev/sdb not boot
[02:15] <thesheff17> oh wow
[02:15] <thesheff17> yea
[02:15] <cjs> I wonder that too. But I am getting *rather* sick of installing this thing....
[02:17] <thesheff17> yea I have installed raid a bunch...but never really tested a whole lot with making sure the second drive actually boots
[02:17] <cjs> You might want to consider testing that. :-)
[02:17] <thesheff17> actually I have never...the worst case if the first dive fails...you can always use knoppix or the ubuntu cd to get the raid data
[02:18] <cjs> Sure, but in the meantime your host is down. If your other drive boots, just yank the broken one and boot. (Put in a spare then or later so you can rebuild, if you like.)
[02:19] <thesheff17> true
[02:19] <cjs> The point of RAID is, after all, continuous operation in the face of disk failure. If you're just concerned about the data, you can get it off your backups.
[02:23] <thesheff17> true...I just want to tell you I have had some really bad raid5 failures where I couldn't get the data back....
[02:23] <thesheff17> so now I just stick to mdadm w/ raid1
[02:24] <thesheff17> technically though should need grub on the second drive since if a drive fails...the machine should stay up :)
[02:24] <thesheff17> should not* I meant
[03:02] <panfist> i'm trying to follow the OpenLDAP server docs on the Lucid Server Guide; i get about halfway through when I'm prompted to "Enter LDAP Password:" and nothing works
[03:03] <twb> In 8.04, there's a known bug in udev that makes it prefer LVM snaphots over origins when mounting by UUID or label.
[03:04] <twb> Can I fix this by patching udev rules in-place, or are my only options 1) upgrade to 10.04; or 2) don't use UUID/labels?
[03:29] <Roxyhart0> hi there, i got a problem. I just added a new network card to my new ubuntu server and it is unable to take IP by dhcp. The server can recognize the network card. Somebody know what could be the problem?
[03:31] <jmarsden> Roxyhart0: Add lines to your /etc/network/interfaces to tell the server that card *should* use DHCP.
[03:32] <Roxyhart0> yes, it is ready...but still cant receive IP..
[03:33] <jmarsden> Then I don't know.  Firewall rules blocking DHCP??
[03:34] <Roxyhart0> i dont think so because eth0 works but not eth1
[03:34] <Roxyhart0> it is a PCI and is new
[03:35] <Roxyhart0> usually when i done before just install the card and dont neew to do nothing else
[03:36] <cjs> Roxyhart0: does it have carrier? Does tcpdump on that interface show network activity?
[03:37] <Roxyhart0> it is connected to my internal network, so the dhcp is internal and there are network activity but just in eth0
[03:37] <cjs> Wait a sec...are both cards connected to the same physical network?
[03:38] <Roxyhart0> yes
[03:39] <cjs> What are you trying to achieve with that?
[03:40] <Roxyhart0> i want to configure a NAT server
[03:40] <Roxyhart0> so, i need 2 cards
[03:40] <Roxyhart0> at least
[03:43] <Roxyhart0> solved the problem...but not sure what was
[03:43] <Roxyhart0> thanks for the help
[03:46] <cjs> Roxyhart0: hang on, so you're running two different IP networks across one ethernet?
[03:46] <Roxyhart0> at the moment just for testing ...at the end one with be for the local network and the another for NAT
[03:52] <cjs> Well, ok. So long as you've got two different IP networks. Though it sounds like you don't.
[04:04] <Roxyhart0> yes i can move one for another subnet
[06:12] <panfist> i've been trying to get openldap server up and running with no success. if i want to start over, how do i know i'm starting from scratch and nothing left over from the previous try?
[06:16] <cjs> Remove the packages using "aptitude purge".
[06:16] <cjs> That will ensure that the configuration information, as well as the packages, are removed.
[06:17] <cjs> So when I do a minimal virtual server install of 10.04, and it asks about packages, what does the "Basic Ubuntu server" selection install?
[06:18] <cjs> Googling the term produces no results, unfortunately.
[06:21] <panfist> well you could try to just do it, then list the packages
[06:22] <panfist> i would look but http://packages.ubuntu.com/lucid is not working for me
[06:23] <cjs> yes, but once I've installed them, I have a list of hundreds of installed packages, and I don't know which were installed by that option and which would have been installed anyway.
[06:23] <panfist> then just install it with that option
[06:24] <panfist> it's brute force but it'll give you the answer
[06:24] <cjs> That page works for me, but how would I find out what that option does? I've already checked with aptitude, but there's no package or meta-package or anything like that that I can find that resembles this "Basic Ubuntu server" option.
[06:24] <panfist> sorry if i'm recommending an ugly solution, i've been banging my head against openldap for 16 hours...brute force is all i have left in me
[06:25] <cjs> I think the issue is that I'm not clear on what solution you're recommending at all. :-)
[06:26] <panfist> i could get the answer in 5 minutes at work...open virtualbox, create new vm, configure an ubuntu vm, point to ubuntu server install media, install basic ubuntu server
[06:26] <panfist> dpkg -l
[06:26] <panfist> that site does seem to be back up. i notice momentary outages on packages.ubuntu.com all the time
[06:32] <cjs> Ah, install another one without the option checked, and then compare package lists. Yes, I can do that.
[06:32] <panfist> well i would have just installed it with only that option checked
[06:32] <panfist> if it's possible
[06:33] <cjs> yes, but then how do you tell which packages came with it and which did not?
[06:33] <panfist> if it's the only option checked...then don't all the packages come in it? am i missing something?
[06:33] <cjs> (If it's not clear, this is an option in addition to the "minimal virtual system" that's installed regardless.)
[06:34] <panfist> ahhh
[06:34] <cjs> No, this is in the additional packages selection screen.
[06:34] <cjs> You know, where you get DNS server, mail server, all of that?
[06:34] <cjs> When you install a "minimal" system, you also get that "Basic Ubuntu server" option as well.
[06:34] <twb> I'm speccing a new lab.  It'll be running 8.04 initially, then 10.04 later.  The board I'm looking at has an rtl8111c gigE NIC.  Is this handled by the rtl8169 driver?
[06:34] <panfist> then i think you're right, you would need to do two installations, since the documentation is definitely light
[06:35] <cjs> "No results from Google" isn't light; it's astonishing. :-)
[06:36] <twb> ubuntu-minimal and ubuntu-standard should both be pulled in by any normal ubuntu server install.
[06:36] <twb> If that's undesirable, there are ways to prevent that.
[06:36] <cjs> twb: I've got an RTL8110s running fine under 10.4 right now, if that helps at all. Any reason you're starting with 8.04 than 10.04?
[06:37] <twb> cjs: legacy
[06:37] <twb> The SOE isn't ported to 10.04 yet
[06:37] <cjs> twb: I don't think it's undesirable; in fact, I probably don't care that much. I'm mostly just very curious.
[06:38] <cjs> Well, in particular I do care about what g*d-d**ned daemons it's going to start up on public interfaces, but that's an inevitable problem with Ubuntu, it seems.
[06:38] <twb> cjs: a server install shouldn't have many of those.
[06:38] <twb> cjs: what did ss -lp report?
[06:39] <panfist> ls /etc/init.d/ isn't exactly all that long
[06:39] <twb> panfist: that's because most of its now in Ubuntu-specific /etc/init
[06:39] <panfist> o
[06:39] <panfist> well that's not long either :)
[06:40] <cjs> twb: Oh, that's a handy command. I didn't know about that.
[06:41] <cjs> But my real complaint is that I always have to remember to check when packages that might start servers (and there are a surprising number of them) are installed. It introduces a large amount of human error into the system.
[06:41] <cjs> Or forces me to install a firewall (yet more opportunity for human error) to firewall a system that shouldn't be listening on the damn ports in the first place.
[06:43] <panfist> you make a point but i don't think ubuntu's number one priority is security
[06:44] <cjs> Argh. Grr. The installer is changing my hostname again, too. That went away for a while, and now it's back.
[06:45] <twb> cjs: if you're on an untrusted network, you should have a firewall.
[06:45] <cjs> panfist: Well, there's "not number one priority," and there's "come rape me if I'm connected to the Internet." Seriously.
[06:45] <twb> cjs: simply having an open port doesn't mean there's an exploit there.
[06:45] <cjs> And no, firewalls are a hack to deal with systems you cannot properly secure.
[06:46] <cjs> No, but having a closed port means that there almost certainly isn't one.
[06:46] <panfist> so what's listening in a default server install?
[06:46] <twb> Granted.
[06:46] <panfist> my twon installations i can see right now are both behind vpn/firewall and have been altered so far from vanilla i couldn't say
[06:46] <cjs> panfist: Not too much, actually. Though it turns out that I have passwordless vnc for all of my virtual servers on localhost.
[06:47] <cjs> Not sure what "dnsmasq" is.
[06:47] <twb> cjs: that's the VM infrastructure's fault.
[06:47] <twb> As is dnsmasq.
[06:48] <cjs> But what usually gets me is stuff like, I happen to need a copy of lighttpd installed to run some tests or something (I have several systems where the automated test framework uses it), and unless I remember, I'm now also running a public web server.
[06:49] <cjs> Hmm, I suspect that the dnsmasq may go away if I kill that NAT capability in virt-manager.
[06:49] <twb> cjs: if it was up to me, daemons wouldn't automatically bind to *: by default
[06:49] <panfist> most daemons i have installed on ubuntu that have network capability default to listening to connections from localhost only
[06:50] <panfist> i don't know if that matters; security isn't a topic i'm an expert on
[06:50] <twb> Currently defaults are done more or less to the whim of the package maintainer, so e.g. openssh-server listens to all interfaces by default, but dnsmasq and vsftpd do not.
[06:50] <panfist> i see
[06:50] <panfist> that's not good
[06:51] <twb> cjs: you could also use tcpd and hosts.allow/hosts.deny in a "default deny" rule, but that's pretty much the same as a default deny firewall.
[06:51] <twb> Certainly having a default deny firewall would guard you against accidentally installing a service and forgetting to making it bind to lo: only, as in your lighttpd example.
[06:52] <cjs> panfist: Actually, most daemons I've seen, unless they're obviously insecure listening publically (i.e., nobody would *ever* do it), do listen on all interfaces.
[06:52] <jmarsden> cjs: exim, postfix? :)
[06:52] <twb> cjs: rsyslogd doesn't; portmap doesn't, vsftpd doesn't, dnsmasq doesn't.
[06:52] <panfist> then maybe i've only been playing around with those kinds of daemons
[06:53] <twb> (Hmm, I might have to check portmap...)
[06:53] <twb> It's not like tcpd or iptables-persistent is difficult to set up.  For me it's just part of deployment best practices, like installing etckeeper.
[06:53] <cjs> twb: postfix does indeed listen on all interfaces by default, if the package is installed.
[06:54] <cjs> twb: The point is, if you don't know to do that, or try to set up things more securely and get it wrong, you end up insecure.
[06:54] <cjs> I.e., the "I don't know what I'm doing default" is to put you in danger, rather than keep you safe.
[06:55] <cjs> If you wanted a web server, it is quickly obvious if it's not running. If you don't want one, many people won't ever know that it is running.
[06:55] <cjs> This is a very basic principle of network security: "default to the safe configuration, and become less safe only when the admin explicitly requests it."
[06:56] <cjs> Because even the most experienced admin will sometimes forget or make a mistake.
[07:04] <twb> I agree with you.
[07:10]  * ttx looks at the state of ISo testing this morning and is a sad poney
[07:13] <kaushal> hi
[07:13] <kaushal> is there a alternative technology for NFS Server ?
[07:14] <kaushal> I mean replacing NFS
[07:14] <twb> NFSv3, NFSv4, CIFS/SMB2 and AFS are widespread
[07:51] <ttx> Daviey: ping
[07:53] <sanderj> How come I got \040 instead of all my spaces in mysql history after I upgraded from 9.10 to 10.04 ?
[07:54] <sanderj> select * from test; became: select\040*\040from\040test;
[08:05] <Daviey> ttx: PONG
[08:05] <ttx> Daviey: did you test the UEC install on yesterdays last ISo ?
[08:05] <ttx> Daviey: we should have a new ISO in ~20min
[08:06] <ttx> respin from yesterday was oversized
[08:06] <Daviey> *sigh*
[08:06] <ttx> did you got a chance to test yesterday ?
[08:06] <Daviey> ttx: Ok.. I have the school run to do today, but will be back in an hour.
[08:07] <Daviey> ttx: Well i left it to get past the yaml issue, then killed it.
[08:07] <ttx> ok, so you still ahve to do the full topology 1 tsets anyway
[08:07] <ttx> (since nobody else did it overnight)
[08:08] <ttx> Daviey: see you in one hour :)
[08:08] <Daviey> ttx: \o
[08:30] <gkffjcs> I"m trying to configure my server with static ip addresses on two nic's One nic is connected to a local subnet, the other is connected to a second subnet, which also has internet access and a gateway. I have configured /etc/network/interfaces such that eth1 is on my local subnet, and eth0 is on the subnet which has internet access. I also configured eth0 with the proper gateway ip. I can ping to and from both subnets however,
[08:30] <gkffjcs> I cannot ping out to the internet, I have checked my routes and they look correct. Any ideas?
[08:31] <trapmax> where does your ping stop?
[08:33] <gkffjcs> huh, I can ping to any host on both subnets, both of which are on the 192.168.something.host. eg 192.168.0.3 and 192.168.1.10 both work. but for instance ping -c 10 www.google.com doesn't work.
[08:33] <trapmax> how about google dns with "ping 8.8.8.8"?
[08:34] <trapmax> traceroute 8.8.8.8
[08:34] <trapmax> etc
[08:35] <gkffjcs> that worked the ping 8.8.8.8
[08:35] <twb> mtr beats traceroute, and it's usually installed
[08:35] <trapmax> so it's dns problem?
[08:36] <gkffjcs> that is possible.
[08:36] <twb> trapmax: try "host google.com", or dig, or getent hosts, or nslookup, or busybox nslookup
[08:37] <twb> If that fails, but "host google.com 8.8.8.8" works, your resolv.conf is busted
[08:38] <trapmax> twb: i would rather start with pinging
[08:38] <trapmax> with an ip
[08:38] <twb> trapmax: sure
[08:39] <gkffjcs> the host www.google.com failed, but the host www.google.com 8.8.8.8 worked.
[08:43] <gkffjcs> allright, I updated my resolv.conf and now it's working Thanks!
[08:44] <trapmax> nice
[08:44] <twb> And NEXT time, you'll know how to do it without asking us
[08:44] <twb> If you're using DHCP, note that it tends to write resolv.conf, as does NM and pppoe and similar
[08:44] <twb> In such cases its better to fix the DNS server than resolv.conf
[08:54] <gkffjcs> thanks guys have a good one!
[09:20] <Daviey> ttx: Hmm.. has it been posted?
[09:20] <ttx> not yet
[09:20] <ttx> ~35min
[09:22] <Daviey> ttx: Reading scrollback in -release.. I don't understand what the plan is
[09:22] <ttx> Daviey: publisher just picked up the fixed hplip
[09:22] <Daviey> ttx: Are we still going for 20100701?
[09:22] <ttx> Daviey: respin will start as soon as the archive catches up
[09:22] <Daviey> ahh. ok, thanks
[09:22] <ttx> We'll have 20100701 available in ~35 min
[09:23] <ttx> DavidLevin: interesting sideeffect is...
[09:23] <ttx> oops
[09:23] <Daviey> ttx: Super, thanks
[09:23] <ttx> Daviey: ^
[09:23] <ttx> i386 will pick up the fixed kernel
[09:23] <Daviey> \o/
[09:23] <ttx> amd64 will still have the old one, with the fix a dist-upgrade away
[09:23] <Daviey> Which i guess is good to test.. as i tend to develop on amd64 only.
[09:25] <ttx> Daviey: so as soon as they are available, please run the topology 1 tests -- we'll need to be sure it's good ASAP
[09:25] <ttx> I'll run the standard basic tests on i386/amd64
[09:28] <Daviey> ttx: yep, if i don't straight away -> can you hilight me if you see them posted.
[09:28] <Daviey> thanks
[10:00]  * _ruben files Jeeves_' server
[10:07] <ttx> Daviey: it's all yours
[10:08] <Daviey> ttx: great
[10:18] <ttx> Daviey: if you start a test, mark it "started"
[10:18] <ttx> that should avoid duplication
[10:19] <Daviey> ttx, I'll be doing that shortly.. just thrown it on USB
[10:23] <e-DIO-t> mmh any idea of "fallling" performance if I use a dynagen emulated cisco ios instead of iptables?
[10:24] <e-DIO-t> [and....any idea about law implications too]
[10:37] <huats> morning
[10:59] <ttx> Daviey: how is it going ?
[11:00] <Daviey> ttx, Doing the installation as we speak
[11:20] <ttx> Daviey: fwiw the amd64 fixed kernel is already a dist-upgrade away
[11:20] <ttx> (on up to date archives near you)
[11:20] <Daviey> ttx, Hm.. how long ago?
[11:21] <Daviey> ttx, I have a local mirror that might need manual syncing
[11:21] <ttx> I just tried on some fr.archive.ubuntu.com, they got it
[11:21] <ttx> must have been a question of minutes
[11:21] <ttx> if you sync now you should have it
[11:21] <ttx> Daviey: looking good so far ? i.e. installing ?
[11:22] <Daviey> ttx, well i only wanted to commit one usb pendrive; and so "all in one" is installed and started as expected
[11:22] <Daviey> ttx, not long started the installation of nc
[11:22] <ttx> yay
[11:22] <Daviey> \o/
[11:25]  * ttx updates his last test result and goes for lunch
[11:28] <Mateo_> Hi everyone !
[11:29] <Mateo_> I'm trying to setup subdomain with virtualhosts but every subdomain redirects me to the folder of the domain...
[11:29] <Mateo_> this is my conf: http://pastebin.com/1u1wy21D
[11:31] <Mateo_> if someone have the time to take a look ..
[11:53] <trapmax> Mateo_: maybe change the NameVirtualHost sub1.mondomain.com:80 to NameVirtualHost *:80
[12:04] <Mateo_> trapmax: same error
[12:23] <KenBW2_work> I've added myself to the www-data group, and set /var/www/avdistribution to have 755 permissions, but can't edit files - any ideas?
[12:24] <tola> Hi, I've been following the tutorial to set up Ubuntu Enterprise Cloud. During installation I specified a range of available IP addresses but when I try and start an instance the cluster controller says "FinishedVerify: Not enough resources available: addresses (try --addressing private)". Any ideas what might have happened?
[12:24] <tola> KenBW2_work: It would need to be 775 to allow group members to write, I think
[12:25] <KenBW2_work> tola: sorry, i meant 775
[12:26] <tola> KenBW2_work: Did you apply chmod recursively using the -R flag?
[12:26] <KenBW2_work> yes
[12:26] <KenBW2_work> ls'ing the directory i'm trying to write to shows -rwxrwxr-x 1 www-data www-data  5542 2009-07-23 06:25 view.phtml
[12:27] <KenBW2_work> tola: as i understand it that shouldbe sufficient permissions
[12:27] <tola> KenBW2_work: yes, if you're a member of www-data it should be
[12:27] <KenBW2_work> $ grep www-data /etc/group
[12:27] <KenBW2_work> www-data:x:33:giant
[12:28] <KenBW2_work> giant is my user
[12:30] <tola> looks Ok to me
[12:30] <KenBW2_work> tola: i assume being in the www-data group and having 775 permissions is all i should need?
[12:31] <ttx> kirkland, Daviey, ccheney: please cover the UEC topologies in server ISO testing + some UEC cloud image testing
[12:32] <ttx> smoser: please cover AP AMIs + cloud image testing on Lucid UEC if you have some time
[12:32] <Daviey> ttx, Trying... but it seems i'm sort of blocked on another kernel issue \o/
[12:32] <ttx> hallyn, SpamapS: please cover some of the remaining tests on amd64 and i386 ISOs
[12:32] <tola> KenBW2_work: yes I would have thought so
[12:33] <ttx> hallyn: there is a "virtualization host" test that should be good for you, in particular
[12:33] <ttx> Daviey: another kernel issue ? One that wasn't in the PPA test kernel ?
[12:34] <Daviey> a platofrm issue, NIC not working
[12:34] <Daviey> ttx, ^
[12:34] <ttx> ah.
[12:34] <Daviey> ttx, Talking with the kernel peeps atm about it
[12:34] <ttx> I can tell it works alright on the laptop, so it must be one of the others
[12:35] <Daviey> ttx, bug 591707
[12:35] <ttx> that makes testing by kirkland/ccheney/hggdh all the more important
[12:35] <ttx> if you're blocked by your hw
[12:35] <Daviey> I'm not sure it should be added to the tracker, as it's pot luck i happend to have that hardware.. What do you think?
[12:36] <Daviey> ttx, Would you object if the kernel team asked me to upgrade the bios?
[12:36] <ttx> I agree
[12:36] <ttx> the bios of what ? Those rigs are yours now, do what you want of them :)
[12:37] <Daviey> ok.. thanks
[12:37] <Daviey> I just didn't wanna get moaned at if they break :P
[12:40] <ttx> spineau: around ?
[12:41] <spineau> ttx: hello
[12:41] <ttx> spineau: you still have 2 work items marked TODO for Alpha2:
[12:41] <ttx> Ensure access to additional rig #2 (Sylvain reported issues)
[12:41] <ttx> Ensure hggdh2's test additions work in checkbox
[12:42] <ttx> do you plan to complete them by the end of the day ?
[12:42] <ttx> or are they no longer relavnt, or should they be postponed ?
[12:42] <ttx> relevant*
[12:42] <spineau> ttx: let me check
[12:44] <spineau> ttx: second item can be closed, hggdh is well aware of checkbox recent additions
[12:44] <ttx> ok, could you mark it as DONE, then ?
[12:44] <ttx> what about the first one ?
[12:44] <spineau> ttx: access to the rig #2, I guess it's the platform one , right ?
[12:44] <ttx> spineau: I... suppose
[12:45] <tola> When installing Ubuntu Enterprise Cloud I provided a range of IP addresses and I can see that range in my /etc/eucalytpus.local.conf - but when I type "euca-describe-addresses" I get nothing
[12:45] <spineau> ttx: if yes, I haven't tried it, I'll postpone this one
[12:46] <spineau> ttx: I'm going to update the blueprint
[12:46] <ttx> spineau: mark as POSTPONED, then copy it to alpha3 as TODO
[12:46] <spineau> ttx: ok, thanks
[12:47] <ttx> thank you !
[12:47] <tola> Also, I don't understand the relationship between eucalytpus.conf and eucalytus.local.conf which have conflicting settings?
[12:49] <tola> eucalyptus.local.conf seems to be a addition made by Ubuntu to the upstream code
[12:56] <ttx> tola: "man eucalyptus.conf" is your friend
[12:56] <ttx> (also an Ubuntu addition to upstream code)
[12:58] <tola> ttx: I was just reading that actually and now I understand that eucalyptus.local.conf takes precedence and used by euca_conf and shouldn't be edited directly. What I don't understand is that the config looks OK but euca-describe-addresses still returns nothing
[12:59] <ttx> tola: right, that's the key issue
[12:59] <ttx> tola: what is your VNET_PUBLICIPS value ?
[13:00] <tola> ttx: 192.168.1.61-192.168.1.65
[13:00] <tola> for the full config: http://pastebin.com/BB8k0rfs
[13:00] <tola> That's what was generated during installation
[13:01] <ttx> hm, looks ok to me
[13:01] <ttx> tola: i suggest you look into the logs for obvious errors... and if you can't find out, open a bug
[13:01] <tola> ttx: OK, will do
[13:02] <ttx> Daviey: you have one TODO left which sounds like something you can't complete before the end of A2: "week 8 eucalyptus, euca2ools merge"
[13:03] <ttx> Daviey: unless it's done already ?
[13:04] <Daviey> ttx, Well it depends entirely what it means :)
[13:04] <Daviey> I can't do a merge this week, as we haven't had a new code drop
[13:04] <ttx> ok, then it should just be removed
[13:05] <Daviey> ttx, However, if i go through the cycle of doing a merge - i can call it done - even if no code changes? :)
[13:05] <ttx> then you should mark it DONE :)
[13:05] <Daviey> hah
[13:05] <ttx> your call... not TODO in all cases
[13:05] <Daviey> Well week 8 merge is up to date.. so i'll mark it DONE
[13:05] <ttx> \o/
[13:08] <tola> what is "--addressing private" for when starting instances?
[13:08] <ttx> tola: it's to avoid allocation of a public IP
[13:09] <tola> ttx: Where "public" means?
[13:10]  * ttx is tempted to answer "not private"...
[13:10] <ttx> EC2-like instances have a private address
[13:10] <ttx> one that can be used between instances
[13:10] <ttx> you /can/ allocate them a public IP
[13:11] <ttx> so that they are reachable from outside the cloud itself
[13:11] <tola> OK, that makes sense thanks. I was wondering if it might mean public as available to the whole Internet vs. private behind a firewall
[13:18] <smoser> ttx, i'll try the ap tests again right now.
[13:18] <ttx> smoser: cool
[13:25] <sommer> morning
[13:28] <smoser> ttx, i'll get on the UEC testing. i'm still getting insufficient capacity on ap-southeast-1 for the tests. it seems i can't get more than 1 or 2 instances.
[13:28] <ttx> smoser: ok, cool
[13:29] <smoser> i think we may have to accept that they're not going to get done.
[13:29] <ttx> sure
[13:29] <ttx> smoser: don't forget to keep time to mark off your last work items
[13:29] <smoser> i wish i had the problem where so many people wanted to give me money that I couldn't keep up.
[13:31] <ttx> hggdh, kirkland: around ?
[13:31] <ttx> hallyn: ping
[13:51] <hallyn> ttx: .
[13:51] <hallyn> ttx: what's up
[13:53] <ccheney> ttx, doing testing
[13:54] <ttx> ccheney: cool, are you on a specific testcase ?
[13:54] <ccheney> ttx, just started up again, but i had done the simple vm run through already with it working
[13:54] <ttx> hallyn: could you cover up some tests, like for example the "virtualization host" tests ?
[13:55] <ccheney> ttx, are the rest on the iso.qa tracker?
[13:55] <ttx> ccheney: I'm mostly concerned by the UEC tests, since Daviey is blocked
[13:56] <hallyn> ttx: sure, i'm trying tof ind those at the website...
[13:56] <ttx> hallyn: http://iso.qa.ubuntu.com/qatracker/result/4297/265 and http://iso.qa.ubuntu.com/qatracker/result/4298/266
[13:56] <ttx> hallyn: mark them started if you start them
[13:58] <hallyn> ttx: i recon' those must be doen on bare metal :)
[13:58] <ttx> hallyn: that's easier, yes
[13:58] <hallyn> ok, will do
[13:58] <ccheney> ttx, ok working on them now
[13:59] <hallyn> ttx: one last q - am i skewing the results by converting the iso's to a usb stick isntead of booting cd?
[13:59] <ttx> hallyn: no
[13:59] <ttx> that's perfectly acceptable :)
[13:59] <hallyn> excellent.  starting now
[14:00] <rahman> Hi, is it possible to chnage the "Display Name" field with snmpd ? I can set "syslocation"  and "syscontact" in smpd.conf but what about other fields?
[14:04] <rahman> just adding "sysname foobar" did the trick
[14:24] <Daviey> kirkland / ccheney: Are you around?
[14:24] <ccheney> Daviey, yes
[14:25] <Daviey> ccheney, Call?
[14:25] <ccheney> oh sorry
[14:25] <Daviey> Hmm.. kirkland?
[14:36] <ttx> Daviey, ccheney: should I run the UEC topology 1 test myself ?
[14:36] <Daviey> ttx, I think ccheney is running it now
[14:36] <ccheney> Daviey, working on it, but in our scrum atm
[14:36] <ccheney> ttx, ^
[14:37] <ttx> ccheney: looks like you started the "virtualization test", not the UEC minimal topology one
[14:37] <Daviey> ttx, I can confirm the "all in one" works.. but can't easily do the alpha 2 (unless i revert to lucid kernel)
[14:38]  * ttx starts up a i386 UEC test -- i'll let ccheney cover the amd64 one (http://iso.qa.ubuntu.com/qatracker/result/4297/494)
[14:40] <ttx> Daviey: can you use your rig to check the UEC images ?
[14:40] <ccheney> ttx: ok thanks
[14:40] <ttx> Daviey: http://iso.qa.ubuntu.com/qatracker/test/4261 and http://iso.qa.ubuntu.com/qatracker/test/4262
[14:43] <sponzor> ureadahead-other main process (835) terminated with status 4
[14:43] <sponzor> whats this?
[14:47] <Daviey> ttx, Yes..
[14:47] <Daviey> ttx, yes, still on scrum
[14:48] <tsun> I wanna use ubuntu server as domain controller, and i'm able to login from xp machine with samba user account, but he doesn't loads/writes profiles to the server
[14:48] <tsun> anyone?
[14:48] <Daviey> ttx, After this, is it ok for me to put testing on hold.. Euca want to help with maverick 1.7, and are waiting on me for something
[14:49] <sponzor> anyone?
[14:49] <ttx> Daviey: sure -- if smoser confirms he'll run the UEC images, you can even skip those
[14:49] <smoser> oh yeah. i was going to do that.
[14:50] <ttx> smoser: sooner is better than later, we don't have much time left to catch a kitten killer there
[14:50] <Daviey> ttx, Ok, if there is anything else left - i can pick it up after this upstream stuff.
[14:51] <ttx> Daviey: I set you free :)
[14:51] <Daviey> \o/ yah
[14:51] <smoser> ttx, will reboot and test.
[14:51] <ttx> ccheney: on amd64, you should need to dist-upgrade to fix your kernel
[14:51] <ccheney> ttx: ok
[14:52] <hggdh> ttx: good morning
[14:52] <ttx> hggdh: yo
[14:52] <smoser> hggdh, good morning
[14:52] <hggdh> smoser: good morning
[14:52] <hggdh> ttx: were you looking for me?
[14:53] <ttx> hggdh: I think ISO testing is now under control -- critical tests missing are UEC images (smoser on it) and UEC topology 1 / amd64 (ccheney on it)
[14:53] <hggdh> OK
[14:53] <ttx> hggdh: I was desperately seeking ISO testing manpower, but I think it's under control now
[14:53] <ttx> hggdh: you can cover your own "milestone testing"
[14:54] <hggdh> ttx: yes, of course. starting on it now
[14:54] <hggdh> (I mean, just after I reboot)
[14:54] <hggdh> Daviey: good morning, yes, most certainlybrb
[14:54]  * ttx runs UEC/i386 for kicks
[15:03] <hallyn> ttx: damnit, the broadcom nic in the vostro laptops aren't supported in the livecd, making iso testing problematic
[15:04] <hallyn> (hopefully it'll be on the cd after i reinstall as it was on the desktop cd, but i'm not convinced)
[15:04] <ttx> beh
[15:05]  * hallyn fjeers ruining the good install he had on this thing
[15:05] <hallyn> but that's why it's a crash-and-burn system  :)
[15:07] <sponzor> is this ubuntu 10.04 stable?
[15:08] <ttx> sponzor: 10.10 alpha 2
[15:09] <koruptid> Wondering if anyone might be able to help me out... I have a new 10.04 install and I need to transparently forward traffic from the box on a specific port to another box... I think I have iptables configured correctly but connections fail, is there a configuration element I'm missing?
[15:14] <Daviey> hallyn, Hmm.. I thought the non-free broadcom drivers were on the cd.. Have you tried enabling jockey?
[15:15] <Daviey> hallyn, It says you need to reboot.. but i haven't needed to.
[15:15] <Eskills> I have recently become the administrator of a file server. I am trying to clean it up as so many people have had free reign to put anything wherever they want.  The are so many copies of the same files on the server.  I seem to remember a program to consolidate to only one copy, but can't recall.
[15:15] <hallyn> Daviey: with the desktop cd, i had to install, then manually install the drivers after install
[15:15] <hallyn> Daviey: with this server image, though, the IDIOTIC installer is trying to d/l apt files over network
[15:15] <hallyn> so it's just hanging
[15:15] <Daviey> hallyn, Interesting... for broadcom wifi drivers, in Lucid ivecd - they were on the cd.
[15:15] <hallyn> looks like regression then
[15:19] <hallyn> all right it finally gave up on that.  would you consider not auto-loading broadcom drivers a bug that i should file?
[15:19] <hallyn> Daviey: ^
[15:19] <hallyn> or, ttx: ^
[15:21] <ttx> hallyn: yes (file a bug) but not necessarily against the ISo tracker
[15:22] <ttx> i.e. don't mark the test as failed
[15:26] <sponzor> i did raid1 /boot when installation asks me if i want to install grup yes or no?
[15:28] <Byte_> hi all
[15:28] <Byte_> i have a problem with my ubuntu Entreprise Cloud
[15:28] <luist> hello... i just installed a ubuntu server on a virtual machine, how do i disable firewall to let me ssh to this VM?
[15:29] <smoser> ttx, tests done and passed.
[15:29] <Byte_> when try to star a virtual host i have this error
[15:30] <koruptid> luist: did you install opensshd? server doesn't install it by default.
[15:30] <Byte_> FinishedVerify: Not enough resources (VmTypeAvailability{type=VmType{name='m1.small', cpu=1, disk=2, mem=192}, max=0, available=0} < 1: vm instances.
[15:30] <Byte_> can be this a rpoblem of my hardware?
[15:30] <luist> koruptid, oooh :)
[15:30] <Byte_> im only have 1gb of memory in the front end
[15:30] <ttx> smoser: good, thanks
[15:30] <koruptid> luist: always check your packages carefully. ;-)
[15:31] <ttx> Daviey: the NC seems broken
[15:31] <luist> koruptid, whats the package called?
[15:31] <ttx> Daviey: it's autoregistered, but doesn't start up logging things to nc.log
[15:31] <Daviey> ttx, *sigh*
[15:31] <PeterJanku1> Hi I have small problem with postfix, could you help me pleas?
[15:32] <Daviey> ttx, Any indication what the issue is?
[15:32] <ttx> Daviey: you didn't have any issue ?
[15:32] <koruptid> luist: off the top of my head not sure... the way to find it (and learn a little) would be to either "sudo aptitude" and look it up in the roles list or "sudo aptitide search openssh"
[15:32] <luist> koruptid, thanks
[15:32] <Daviey> ttx, My NC isn't on the network, due to the NIC kernel issue, so i didn't get that far
[15:33] <koruptid> ugh, need iptables afficionado. >_<
[15:34] <ttx> Daviey: I mean, in your recent tests, with old kernel etc
[15:34] <Daviey> ttx, Sorry, no - not had that issue
[15:36] <ttx> I'm investigating
[15:36] <PeterJanku1> Please...
[15:37] <Daviey> PeterJanku1, I'm sorry.. most of the regulars in here are snowed under testing the latest Alpha
[15:37] <koruptid> Byte: http://ubuntuforums.org/showthread.php?t=1335954 ... after a bit of googling
[15:37] <Daviey> PeterJanku1, It's a really busy time for us.
[15:37] <Daviey> PeterJanku1, but if you ask your question - you are more likely to get an answer
[15:37] <ttx> Daviey: ok, I know why it fails. The question is, how could it work for you
[15:37] <Daviey> ttx, How is it failing?
[15:38] <koruptid> Daviey: you know if any of the regulars are familiar with iptables... I'm on a bit of a time crunch with my issue
[15:38] <ttx> Daviey: looks like it's ignoring the nodes.list
[15:38] <ttx> Daviey: euca_conf and autoregistration write the node to the nodes.list
[15:38] <Daviey> ttx, Interesting.. i didn't think that area got touched since A1
[15:38] <PeterJanku1> OK. I have a small server with postfix only for sending warnings to the admin mail. Everything work fine, but sometime i have three new linex in my syslog:
[15:38] <PeterJanku1> Jul  1 15:53:59 VyrobaServer postfix/qmgr[1647]: EBDEC20069: from=<root@VyrobaServer>, size=447, nrcpt=1 (queue active)
[15:38] <PeterJanku1> Jul  1 15:54:20 VyrobaServer postfix/smtp[4393]: connect to example.net[192.0.32.10]:25: Connection timed out
[15:38] <PeterJanku1> Jul  1 15:54:20 VyrobaServer postfix/smtp[4393]: EBDEC20069: to=<email@example.net>, relay=none, delay=100559, delays=100538/0.01/21/0, dsn=4.4.1, status=deferred (connect to example.net[192.0.32.10]:25: Connection timed out)
[15:38] <ttx> Daviey: editing NODES= directly in eucalyptus.conf works
[15:39] <ttx> Daviey: looks like you missed a patch in your merge
[15:39] <PeterJanku1> I dont know who send mail to the email@example.net, and how can i diable it.
[15:39] <ttx> Daviey: but I can't see how it worked in your tests.
[15:39] <Daviey> ttx, Perhaps,, but as you say.. it should have failed in A1
[15:40] <Daviey> ttx, i'm investigating
[15:40] <ttx> Daviey: I mean, your recent tests
[15:40] <ttx> will file a bug
[15:40] <Daviey> ttx, Yeah.. but i mean i don't think that area has been touched since A1
[15:41] <Daviey> ttx, This is weird!
[15:42] <koruptid> PeterJanku1, is this machine behind a firewall?
[15:42] <Daviey> ttx, So - they are registering, but not showing in the availability zone?
[15:42] <PeterJanku1> yes
[15:42] <ttx> Daviey: they are registering, as in euca_conf works
[15:42] <ttx> but the addition in nodes.list ,never gets picked up by the CC
[15:43] <ttx> probably the specific patch that enables nodes.list was dropped
[15:43] <Daviey> PeterJanku1, grep -inr example.net /etc/postfix/ <-- should give an indicator
[15:44] <Daviey> ttx, 07-local_support_euca_conf-in.patch looks sane :/
[15:44] <PeterJanku1> Daviey: nothing return
[15:44] <Daviey> PeterJanku1, look in /etc/aliases ?
[15:45] <PeterJanku1> Daviey: # See man 5 aliases for format
[15:45] <PeterJanku1> postmaster:    root
[15:45] <PeterJanku1> clamav: root
[15:46] <Daviey> PeterJanku1, I'm really sorry, but i can't help further at this point - hopefully someone else can chime in
[15:46] <Daviey> ttx, Hmm
[15:46] <PeterJanku1> ok thanks a lot
[15:47] <Daviey> ttx, Hmm.. it could indeed have been dropped :(... but i really don't understand why it worked in A1
[15:47] <ttx> what worked in A1 ?
[15:48] <Daviey> ttx, This issue.
[15:48] <ttx> Daviey: on a call, brb
[15:48] <Daviey> ttx, Ok, am investigating
[15:51]  * ccheney brb, got to run to drugstore for wife
[15:53] <Byte_> i have a problem trying to star my first virtual machine in UEC
[15:53] <Byte_> y have this error all the time
[15:53] <Byte_> inishedVerify: Not enough resources (VmTypeAvailability{type=VmType{name='m1.small', cpu=1, disk=2, mem=192}, max=0, available=0} < 1: vm instances.
[15:53] <Daviey> ttx, For info.. it does seem to be a valid bug, i can see where the code is missing.
[15:54] <ttx> cool
[15:54] <Daviey> ttx, What is troubling more, is i can't see how it got dropped!!
[15:55] <soren> Byte_: As I said, you should mention where you are running this..
[15:56] <Byte_> im install UEC in a machine
[15:57] <Byte_> i create a default virtual host,
[15:57] <Daviey> ttx, If you can raise the bug, can you assign it to me please so i can see it
[15:57] <Byte_> im connect to the server with ssh and run this comand to start the machine
[15:57] <koruptid> If anyone could help me out... I'm trying to do a port forward using iptables... according to everything I'm reading it should work but it doesn't.
[15:57] <Byte_> euca-run-instances -k mykey emi-E0411078
[15:57] <soren> Byte_: Uh... You're running this on a rackspace cloud server, right?
[15:58] <Byte_> yes
[15:58] <soren> Ok, good. That's key information.
[15:58] <MTecknology> I have NO idea why I keep getting these errors. This user is legit traffic. They're not doing anything odd. I get a few thousand of these every day when this person works..   Jun 30 13:16:18 incipio kernel: [325790.562108] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:63:d5:dc:54:42:49:02:8c:85:08:00 SRC=10.41.0.194 DST=10.41.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=22722 DF PROTO=TCP SPT=54308 DPT=80 WINDOW=16127 RES=0x00 ACK FIN URGP=0
[15:59] <MTecknology> I'm lost as to why I'm getting these - she doesn't even use that server much of ever
[15:59] <soren> Byte_: You should elaborate on what you've set up so far.
[16:00] <MTecknology> I'm guessing it has something to do with ACK FIN - but that's all I can get
[16:01] <MTecknology> They all come as either SYN or ACK FIN - afaict
[16:04] <MTecknology> Any ideas what it could be?
[16:05] <ttx> Daviey: got inet connection trouble
[16:08] <ttx> Daviey: not able to file the bug
[16:24] <bogeyd6> how can you look up who is the maintainer of a package?
[16:25] <soren> bogeyd6: Ubuntu packages customarily don't have maintainers in the same sense as Debian.
[16:25] <koruptid> Anyone here able to answer some questions with iptables?
[16:25] <bogeyd6> soren, there is a zoneminder package that is riddled with bugs and an incomplete install
[16:25] <soren> bogeyd6: Of course there are exceptions, but generally, all packages are maintained by everyone.
[16:26] <bogeyd6> *universe*
[16:26] <SpamapS> koruptid: just ask your question, if we know, we'll answer
[16:27] <bogeyd6> soren, like the whole purpose of zoneminder if the web interface for administration, yet the install doesnt setup the apache conf file
[16:27] <soren> bogeyd6: Never heard of it.
[16:27] <bogeyd6> ill file a bug
[16:27] <koruptid> SpamapS, I'm trying to configure the server to forward traffic on a port to another machine but all the tutorials I'm finding are designed for a machine acting as a gateway to an internal network.
[16:27] <ttx> Daviey: bug 600687
[16:29] <Daviey> ttx, thanks
[16:31]  * ccheney back
[16:32] <bogeyd6> bug 507004
[16:32] <bogeyd6> gonna go ahead and confirm that
[16:33] <bogeyd6> How do I mark that it affect 10.04 x64?
[16:35] <SpamapS> koruptid: thats because to do the port forwarding the machine *must* be the gateway for the machine it is forwarding to
[16:36] <SpamapS> koruptid: the only other way it will work is with a proxy
[16:53] <koruptid> SpamapS, what method would you recommend for that?
[16:58] <SpamapS> koruptid: something protocol-aware is the best. What protocol do you want to forward?
[17:00] <koruptid> SpamapS: it is a .NET Remoting app.
[17:01] <koruptid> SpamapS: TCP based... I think it may use a modified HTTP but I'm not sure
[17:10] <SpamapS> koruptid: "modified HTTP" == FAIL
[17:10] <SpamapS> koruptid: if they are screwing with HTTP.. they're seriously crack headed
[17:11] <SpamapS> koruptid: you can try haproxy ... it has the ability to proxy non-HTTP TCP protocols
[17:12] <SpamapS> hey has anyone setup postfix to do secure message delivery through a relay host and been able to get it to verify CA certs?
[17:13] <geneticx_> morning everyone, I know this is completely unrelated but can someone explain to me the difference between a single phase and three phase power circuit and how this affects a server?
[17:13]  * SpamapS should probably just switch to client side certs actually... hm
[17:14] <SpamapS> geneticx_: 3 phase power is more efficient for high load. Usually servers themselves don't support 3-phase, but high grade power management / battery backup units do
[17:15] <joel_> I'm running lucid on ec2, and I need to run kernel linux-ec2 2.6.32-307 because of LP #560717 (https://lists.ubuntu.com/archives/lucid-changes/2010-June/011427.html). I am looking for that aki in the 'ec2-describe-images --all' output, but I don't see it. suggestions?
[17:16] <geneticx_> SpamapS: sorry, when you say more efficient, you mean they consume less amps?
[17:17] <SpamapS> geneticx_: actually no, it just allows the transmission lines to be smaller and the transformers to be simpler.
[17:18] <ttx> smoser: you're all set wrt. cloud images ?
[17:18] <smoser> yeah, i think we're good.
[17:18] <SpamapS> geneticx_: "Large rectifier systems may have three-phase inputs; the resulting DC current is easier to filter (smooth) than the output of a single-phase rectifier. Such rectifiers may be used for battery charging," http://en.wikipedia.org/wiki/Three-phase_electric_power
[17:18] <smoser> and i even am getting i386 in ap-southeast-1 tested.
[17:19] <smoser> so the onlyt thing missing will be amd64 ap-southeast-1, and i've sniffed that they boot.
[17:19] <geneticx_> SpamapS: the reason why I ask is that we have 2 IBM bladecenters plugged into a 208V/60amp 3phase and we are looking into lowering this to single phase, but I really don't know how this will affect the servers
[17:19] <joel_> smoser: actually I'm reading your blog re: my issue... thanks for writing up how to do an upgrade
[17:20] <smoser> woohoo, a reader of my blog other than my mom
[17:20] <smoser> :)
[17:20] <ttx> smoser: that's me
[17:20] <ttx> been reading up the cloud-config post for a presentation :)
[17:20]  * ttx eods, will bbl
[17:22] <SpamapS> geneticx_: for blades 3 phase is probably saving you a little bit on heat and power consumption
[17:22] <joel_> smoser: how do new ubuntu kernels become available as an aki? do we wait on canonical to release them, or could I create one?
[17:23] <smoser> joel_, you sit and wait until i smile upon you :)
[17:23] <smoser> only priviledge accounts are allowed to register kernels on ec2.  Canonical is one of those.
[17:24] <smoser> the canonical account uploads new kernels anytime its uploading a new build that has a kernel that isn't published yet.
[17:24] <smoser> and new builds are done daily/semi-weekly.
[17:24] <SpamapS> geneticx_: why are you switching it to single phase? are you not fully utilizing the blade center?
[17:26] <geneticx_> SpamapS: that makes sense. Yeah, we are not fully utilizing it. We have a 208V/60 amp 3phase circuit with only 1 bladecenter and we are currently at 10 amps right now
[17:27] <geneticx_> and difference in price between a single phase and three phase is around 1K
[17:27] <joel_> smoser: ok great... I've installed 2.6.32-307 in my instance, which was built around june 18, so I guess the aki would be coming shortly?
[17:27] <SpamapS> geneticx_: the only reason to have 3-phase is to max it out. :)
[17:27] <geneticx_> a month
[17:28] <geneticx_> SpamapS: I agree
[17:28] <SpamapS> geneticx_: if you ever need to fully utilize those two blade centers you'll probably save money w/ 3phase because it will take two single phase circuits
[17:28] <SpamapS> but, by then you'll have realized that blades are a losing battle and just buy a big box and use virtualization ;)
[17:29] <smoser> where do you see that 2.6.32-307 was built ~ june 18 ?
[17:29] <smoser> https://launchpad.net/ubuntu/+source/linux-ec2 shows it just occurred
[17:30] <smoser> ah.
[17:30] <joel_> ah, sorry... I was going off https://lists.ubuntu.com/archives/lucid-changes/2010-June/011427.html
[17:31] <geneticx_> SpamapS: yeah the thing is we don't get billed by power consumption but for having those circuits there. =(
[17:31] <joel_> assumed it would be +/- a few days, but obviously I should have checked LP
[17:31] <SpamapS> geneticx_: yeah thats pretty much everybody
[17:32] <koruptid> how do you detect if apparmor is blocking something?
[17:32] <smoser> my guess is it just made it into updates from proposed.
[17:32] <smoser> the next lucid build (which builds twice weekly) will pick it up if it is in updates
[17:32] <smoser> there is a bug in our process in that nothing publishes kernels from -proposed
[17:33] <joel_> ok cool, I will look out for it
[17:34] <joel_> thanks for the great work
[17:34] <geneticx_> SpamapS: so I don't see how we can save money later on if the blades will work on either single or three phase
[17:38] <SpamapS> geneticx_: if a single blade center hits 15 amps .. you're S.O.L .. many companies will shut off a 20 amp circuit that sustains 15 amps.
[17:38] <SpamapS> I know we had to ask for permission to raise ours to 17 amps because for 3 hours a day we had boxes crunching numbers and taking our circuits to that level
[17:38] <SpamapS> (in a Savvis data center)
[17:40] <SpamapS> damn..
[17:40] <SpamapS> alpha2 seems to boot in about 2 seconds on vmware
[17:40] <smoser> can i get someone to please sponsor a -proposed upload for the landscape team ?
[17:41] <smoser> kirkland maybe?
[17:41] <geneticx_> 80% utilization eh!? so what do you think, lower to single phase (save some on the bill) or stay with the current set up
[17:41] <SpamapS> geneticx_: save on the bill, monitor utilization
[17:42] <SpamapS> geneticx_: plus, if you do have to switch back, there should be no install charge since you already had 3phase.
[17:43] <geneticx_> SpamapS: sounds good, these PDUs we have in place now don't need to be changed right?
[17:44] <SpamapS> geneticx_: probably.
[17:45] <SpamapS> geneticx_: I mean, a switch or setting yes
[17:45] <SpamapS> geneticx_: *definitely* RTFM on that
[17:46] <koruptid> okay, ran into another issue here... I have haproxy installed and configured... it works just find running it by hand using sudo, but running it with init.d/haproxy start nothing happens
[17:47] <smoser> bug 594594 has branch lp:~free.ekanayaka/landscape-client/lucid-1.5.2.1-0ubuntu0.10.04.0
[17:49] <SpamapS> koruptid: because there's no config file?
[17:50] <koruptid> SpamapS, there's a config file... /etc/haproxy/haproxy.cfg
[17:51] <geneticx_> SpamapS: I will, thank you sir
[17:52] <RoyK^> hi all - quick ssh tunnel question in case someone has it ready - I want to ssh from my laptop (a) into box (b) and have that act as a 'proxy' to host c:80 - how can I do that with ssh? -R?
[17:53] <RoyK^> box (b) and (c) are behind the same firewall
[17:53] <koruptid> SpamapS, found it /etc/default/haproxy was 0.
[17:54] <RoyK^> ah - got it -L
[17:54] <SpamapS> koruptid: ugh.. I hate that.
[17:56] <koruptid> SpamapS, whose bright idea was it to make it so that by default a newly installed daemon won't be able to start?
[18:01] <luist> how do i mount remote home (NIS) from ext3 to my ubuntu server that is ext4?
[18:02] <SpamapS> koruptid: I don't know.. its already listed as a bug I think.
[18:02] <SpamapS> koruptid: I think the idea is you need to configure it before you enable it.
[18:06] <koruptid> SpamapS, yeah... be really REALLY nice if it said that in the install output. >_<  oh well, got it working in the long run and it may yet save my bacon, lol.
[18:10] <SpamapS> koruptid: I think the startup scripts should say something like "DISABLED" when they encounter ENABLED==0 .. most of them just exit 0
[18:11] <hggdh> question on debian-installer preseed, Maverick A2. How can I select a specific mirror to use? I am getting set to gb.archive.ubuntu.com, and I do not see where I can set it: http://pastebin.ubuntu.com/457920/
[18:11] <koruptid> SpamapS, that seems like a very reasonable change that would save people a lot of headaches
[18:17] <ccheney> ttx, i tested uec 1 on maverick amd64 and it won't start a instance complaining about libvirt
[18:17] <ccheney> ttx, have you seen any other complaints about that?
[18:21] <luist> help please... trying to mount users homes from nis server and getting this: http://pastie.org/1026904  the fstab line is: 192.168.0.1:/home/users/       /home/users     nfs     defaults        0 0
[18:27] <cloakable> luist: have you installed nfs-common on the client?
[18:29] <luist> cloakable, hm.. no... installing it now
[18:30] <cloakable> luist: that would be your problem
[18:43] <luist> cloakable, thanks it worked :)
[18:44] <cloakable> luist: of course it did ;)
[18:44] <cloakable> I've setup NFS $HOME many a time :)
[18:44] <koruptid> luist, okay... I can't resist...
[18:45]  * koruptid hands luist a shiny new facepalm
[18:45] <cloakable> xD
[18:46] <luist> thats what i get for coming back to thank :P
[18:47] <cloakable> ;)
[18:47] <koruptid> luist that's okay... I've had at least four facepalms today
[18:48] <koruptid> luist, latest one was realizing that the init.d scripts on new daemons tend to be disabled by default. Another was when I "restarted" ufw thinking it was already running and locked myself out
[18:50] <koruptid> here's a question for ya'll... is /etc/sudoers read lilo when it comes to how it assigns rules?
[18:52] <cloakable> Why would /etc/sudoers read lilo?
[18:52] <koruptid> cloakable, I mean as in last rule in the file gets preference over first... last in last out
[18:53] <cloakable> I'm not sure
[18:53] <cloakable> Actually, it's in /etc/sudoers if you read it
[18:54] <cloakable> # Uncomment to allow members of group sudo to not need a password
[18:54] <cloakable> # (Note that later entries override this, so you might need to move
[18:54] <cloakable> # it further down)
[18:54] <cloakable> So yes, sudoers is read lilo
[18:54] <cloakable> So yes, sudoers is read lifo
[18:54] <cloakable> Well
[18:55]  * cloakable hands koruptid a shiny facepalm :)
[18:55] <koruptid> yay! facepalm for me
[18:55] <koruptid> I must have deleted those lines, lol
[18:55] <cloakable> heh
[18:56] <luist> can anyone help me to configure NIS? i mounted the remote home and service is running, /etc/defaultdomain is correct and /etc/yp.conf has the right conf also... (same of a machine that already has a working NIS) what else am i missing?
[18:57] <cloakable> You're missing LDAP
[18:58] <cloakable> ;)
[18:58] <ttx> ccheney: yes
[18:59] <koruptid> ugh, ufw is really really starting to get on my nerves
[19:00] <cloakable> disable it
[19:00] <ttx> ccheney: thought it was an apparmor thing (bug 599450)
[19:00]  * cloakable dislikes ufw
[19:00] <ttx> ccheney: but I didn't really manage to make it boot, even after that
[19:00] <koruptid> cloakable, I'd prefer to have it enabled... I'm just trying to figure out why it is ignoring the app list
[19:01] <SpamapS> hrm..
[19:01] <SpamapS> so I just booted with BOOT_DEGRADED=false ...
[19:01] <SpamapS> both disks are available..
[19:01] <SpamapS> but the RAID1 arrays all came up degraded
[19:01] <SpamapS> as in.. missing one disk entirely
[19:02] <ttx> ccheney: have a try with apparmor disabled, see if you go further -- file a bug if that fails
[19:02] <ttx> SpamapS: https://bugs.launchpad.net/ubuntu/lucid/+source/mdadm/+bug/557429 ?
[19:02] <koruptid> SpamapS, I'll better you on that one... my install says I have a hardware raid that doesn't exist
[19:03] <ttx> SpamapS: or another one ?
[19:03] <ttx> alpha2 is out, fwiw
[19:04] <SpamapS> I'm not sure if its the same thing
[19:04] <ttx> sounds slightly different from your desc
[19:05] <luist> cloakable, was that for me?
[19:06] <SpamapS> ttx: yes it doesn't seem entirely reproducible either.. so maybe race or something
[19:08] <SpamapS> ttx: no I think this may be the same thing
[19:08] <ttx> SpamapS: there is no reason why this one would be magically fixed
[19:09] <SpamapS> ttx: its a bit scary. I always thought mdadm would "do the right thing" and fail miserably if anything was inconsistent
[19:10] <ttx> SpamapS: it needs some love
[19:11] <luist> can anyone help me to configure NIS? i mounted the remote home and service is running, /etc/defaultdomain is correct and /etc/yp.conf has the right conf also... (same of a machine that already has a working NIS) what else am i missing?
[19:11] <SpamapS> ttx: in this case, what I don't like is that the only indication outside /proc/mdstat I have is three lines saying "DegradedArray event detected" ...
[19:14] <SpamapS> might also have been bug 539597
[19:15] <SpamapS> no thats not it..
[19:17] <cloakable> luist: yes :)
[19:18] <cloakable> !nis
[19:18] <cloakable> Hmm
[19:20] <luist> cloakable, i cant use ldap here.. everything uses nis already
[19:20] <koruptid> speaking of... if a non-mirrored swap drive dies on ubuntu server... what happens?
[19:21] <joel_> you'll have to clean your fan
[19:22] <cloakable> luist: poor you
[19:22] <luist> cloakable, yes :( now help me?
[19:22] <cloakable> luist: Switch to ldap?
[19:22] <ccheney> ttx, ok, just got back from lunch
[19:22] <koruptid> I'm just wondering if it kernel panics or not... right now I have my system set up so that the swap space doesn't mirror for obvious performance reasons.
[19:22] <luist> cloakable,  -.-
[19:22] <ttx> ccheney: dos what I say make sense ?
[19:22] <ttx> does*
[19:23] <cloakable> luist: I set up NIS once. Then I regained my sanity.
[19:24] <cloakable> Now I use LDAP, and everything is well
[19:24] <ccheney> ttx, i think so, trying it now
[19:24] <ccheney> ttx, that fixed it
[19:24] <ccheney> ttx, is the apparmor bug already documented?
[19:25] <ttx> ccheney: you can start instances ? they end up running ?
[19:25] <ttx> bug 599450
[19:25] <ccheney> ttx, yes
[19:25] <ccheney> ah yea ok
[19:25] <ttx> ccheney: good!
[19:26] <ttx> only two known bugs preventing usage out of the box (with workarounds) -- not too bad
[19:26] <ttx> kirkland, jiboumans : ccheney managed to run an instance, once bug 600687 and bug 599450 are workedaround
[19:27] <ttx> so we have a known status for A2 now
[19:28] <ttx> ccheney: register test results (PASS with two bugs)
[19:28] <ccheney> ok
[19:29] <kirkland> ttx: ccheney: cool, thanks, guys
[19:29] <ccheney> glad to see all the bugs are already documented :)
[19:30] <ttx> ccheney: that apparmor issue is also preventing mysql from starting up
[19:35] <ccheney> ttx, yea saw in the report
[19:35] <bogeyd6> ubuntu keyserver is being very slow today
[19:36] <bventura> hello, when i log into ubuntu on a shell I get a message "37 packages can be updated. 16 updates are security updates. ".... where does that summary come from, how can I get aptitude or dpkg to summarize like that (so i can get a cronjob to mail the info to me on the regular) ?
[19:37] <bogeyd6> bventura, comes from landscape-common and apticron will email you the updates
[19:37] <bventura> cool thanks ill check it out
[19:42] <Daviey> ccheney, Glad the apparmor isn't my problem :)
[19:43] <ccheney> Daviey, yea
[19:58] <kirkland> smoser: did you get that upload sponsored?
[19:58] <smoser> mathiaz, did I ?
[20:02] <mathiaz> smoser: On my way
[20:02] <mathiaz> smoser: I'll do it by today
[20:02] <mathiaz> smoser: is this enough or should I do it earlier?
[20:02] <smoser> mathiaz, today is good enough. thanks.
[20:05] <kirkland> smoser: mathiaz: okay, so i won't worry abou this
[20:13] <tyska> is there some way to see creation date of files????
[20:17] <guntbert> tyska: stat filename shows three timestamps - one is the creation
[20:17] <xperia> hello to all. i am looking for documentation how to setup easy and secure "simply machine forums" on my ubuntu lucid server ? does anybody know a howto for that ? the websearch does nothing delever for that
[21:54] <cemc> is there a way to find out the order of installed packages? with apt-get or dpkg maybe? I would like to see the last X number of packages that were installed
[22:14] <EvilTrek> i'm trying to configure BIND9, and I followed the guide located at https://help.ubuntu.com/community/BIND9ServerHowto
[22:14] <EvilTrek> but its not working o.o
[22:14] <EvilTrek> and yes i specified the IP of the server in network configs on the systems that use the DNS server
[22:15] <EvilTrek> syslog shows no errors...
[22:15] <EvilTrek> and...
[22:16] <EvilTrek> http://starfleet.pastebin.com/0CujvHVj   <--- this is one of the things i've named in the server with an IN A <ip> entry
[22:16] <EvilTrek> in the main db
[22:16] <EvilTrek> er zone's db
[22:19] <EvilTrek> can someone help me out with BIND9?
[22:26] <sponzor> i do /etc/init.d/hostname restart and get replay Rather than invoking init scripts through /etc/init.d, use the service(8) ...
[22:33] <sponzor> anyone?
[22:53] <Danawar2> .w
[22:54] <hggdh> sponzor: I am not sure what is your question
[23:03] <cloakable> sponzor: so um, "man 8 service"?
[23:04] <cloakable> When did rtfm go out of fashion?
[23:50] <maek> what are some the way I can deploy ubuntu server automated and over the network?
[23:50] <SpamapS> maek: can you pxe boot?
[23:51] <maek> SpamapS: yes
[23:51] <maek> im looking for a kickstart replacment or the nod that kickstart is the way
[23:51] <maek> is preseed the same as kickstart?
[23:51] <SpamapS> kickstart is the way, AFAIK
[23:52] <SpamapS> https://help.ubuntu.com/community/PXEInstallServer  note: I haven't tried that exact documentation's steps
[23:52] <EvilTrek> anyone here know bind9 well?